We have an ASA configured to access the internet, which works fine for clients who have an IP address assigned by DHCP, but not for clients with manually assigned IPs.

For instance, with the DHCP server configured to give IP addresses between 172.16.101.1 and 172.16.101.10, a device may get the IP address 172.16.101.1. This machine will have connectivity to the internet.

If we then configure DHCPd server range as 172.16.101.2 to 172.16.101.10 and statically assign the 172.16.101.1 IP to the client, it will not have internet access. It will, however have inside access and VPN access.

What is the license on the ASA? Base config only allows 10 clients, so if you have already have 10 clients connected then the 11th won't be able to connect. It doesn't look like you had this issue, but worth noting as this has bitten me a couple of times.
–
dunxdFeb 19 '13 at 12:30

2 Answers
2

You are getting that deny because you have not allowed the returning ICMP ping packet on the outside interface of the firewall. ICMP is stateless and because of this you will need to allow the traffic out and in. Something like this will fix that.

This was not an issue with the ASA, but with the server we were testing with.
After setting the IP to static, dhclient continued to run. Upon attempting to renew the lease, it would fail and the server would lose it's network connection.